/**
 * Renders a web form, looked up by its symbolic identifier, through a template file.
 *
 * The form is resolved with CForm::GetBySID() and CForm::GetDataByID(); nothing is
 * rendered unless CForm::GetPermission() reports a right of at least 10 for it.
 * The template is pulled in with `include`, so it executes inside this function's
 * variable scope and can read every local defined here ($arrVALUES, $arForm, ...).
 *
 * NOTE(review): the template name ($SHOW_TEMPLATE, else the form's SHOW_TEMPLATE
 * field) and the SHOW_TEMPLATE_PATH option are concatenated under DOCUMENT_ROOT and
 * handed to include without any validation in this function. Confirm that neither
 * value can be influenced by request data and that both are confined to the
 * template directory before they reach this point.
 *
 * @param string       $WEB_FORM_VARNAME Symbolic identifier (SID) of the form.
 * @param array|false  $arrVALUES        false means "use $_REQUEST"; not read again in this
 *                                       body, presumably consumed by the included template.
 * @param string|false $SHOW_TEMPLATE    Template file name that overrides the form's own setting.
 * @param string       $PREVIEW          Not read in this body; visible to the included template.
 * @return void
 */
function Show($WEB_FORM_VARNAME, $arrVALUES=false, $SHOW_TEMPLATE=false, $PREVIEW="N")
{
    global $DB, $MESS, $APPLICATION, $USER, $_REQUEST, $HTTP_POST_VARS, $HTTP_GET_VARS, $arrFIELDS;
    $err_mess = (CAllForm::err_mess())."<br>Function: Show<br>Line: ";
    // Without explicit values the raw, unfiltered request data is used.
    // NOTE(review): the template must escape these values when it prints them - confirm in the templates.
    if ($arrVALUES===false) $arrVALUES = $_REQUEST;
    $z = CForm::GetBySID($WEB_FORM_VARNAME);
    $zr = $z->Fetch();
    // intval() yields 0 when no row was fetched, so an unknown SID becomes form ID 0.
    $WEB_FORM_ID = $FORM_ID = intval($zr["ID"]);
    // GetDataByID() fills the by-reference arrays; its return value replaces the form ID.
    $WEB_FORM_ID = CForm::GetDataByID($WEB_FORM_ID, $arForm, $arQuestions, $arAnswers, $arDropDown, $arMultiSelect);
    if (intval($WEB_FORM_ID)>0)
    {
        // Authorization gate: a right below 10 renders nothing and reports nothing.
        $F_RIGHT = CForm::GetPermission($WEB_FORM_ID);
        if (intval($F_RIGHT)>=10)
        {
            // Template precedence: explicit argument, then the form's setting, then "default.php".
            if (strlen(trim($SHOW_TEMPLATE))>0) $template = $SHOW_TEMPLATE;
            else
            {
                if (strlen(trim($arForm["SHOW_TEMPLATE"]))<=0) $template = "default.php";
                else $template = $arForm["SHOW_TEMPLATE"];
            }
            $path = COption::GetOptionString("form","SHOW_TEMPLATE_PATH");
            IncludeModuleLangFile($_SERVER["DOCUMENT_ROOT"]."/freetrix/modules/form/include.php");
            // First dynamic include: the language file that belongs to the chosen template.
            include(GetLangFileName($_SERVER["DOCUMENT_ROOT"].$path."lang/", "/".$template));
            if ($APPLICATION->GetShowIncludeAreas())
            {
                // Edit icons linking to the admin file editor and the form settings page.
                $arIcons = Array();
                if (CModule::IncludeModule("fileman"))
                {
                    $arIcons[] = Array(
                        "URL" => "/freetrix/admin/fileman_file_edit.php?lang=".LANGUAGE_ID."&site=".SITE_ID."&full_src=Y&path=". urlencode($path.$template),
                        "SRC" => "/freetrix/images/form/panel/edit_template.gif",
                        "ALT" => GetMessage("FORM_PUBLIC_ICON_TEMPLATE")
                    );
                    // Only the path component of the request URI is used, and it is URL-encoded.
                    $arrUrl = parse_url($_SERVER["REQUEST_URI"]);
                    $arIcons[] = Array(
                        "URL" => "/freetrix/admin/fileman_file_edit.php?lang=".LANGUAGE_ID."&site=".SITE_ID."&full_src=Y&path=". urlencode($arrUrl["path"]),
                        "SRC" => "/freetrix/images/form/panel/edit_file.gif",
                        "ALT" => GetMessage("FORM_PUBLIC_ICON_HANDLER")
                    );
                }
                $arIcons[] = Array(
                    "URL" => "/freetrix/admin/form_edit.php?lang=".LANGUAGE_ID."&ID=".$WEB_FORM_ID,
                    "SRC" => "/freetrix/images/form/panel/edit_form.gif",
                    "ALT" => GetMessage("FORM_PUBLIC_ICON_SETTINGS")
                );
                echo $APPLICATION->IncludeStringBefore($arIcons);
            }
            // Second dynamic include: the template itself, executed with this function's locals in scope.
            include($_SERVER["DOCUMENT_ROOT"].$path.$template);
            if ($APPLICATION->GetShowIncludeAreas())
            {
                echo $APPLICATION->IncludeStringAfter();
            }
        }
    }
}
/**
 * Prepares the component before its main body runs: decides on caching, resolves the
 * form ID from the WEB_FORM_CODE parameter, reads the caller's permission level for
 * that form, processes a submitted POST and extends the cache key.
 *
 * The permission level is added to the cache key, presumably so that output rendered
 * for one access level is not served to another.
 *
 * NOTE(review): handlePost() is called right after the permission level is read, with
 * no comparison against it in this method; confirm that handlePost() enforces it.
 *
 * @inheritdoc executeProlog
 * @throws \Exception when no form ID is set after resolving WEB_FORM_CODE.
 */
protected function executeProlog()
{
    $cacheWanted = $this->needCache();
    if (!$cacheWanted) {
        $this->arParams['CACHE_TYPE'] = 'N';
    }

    $hasFormCode = !empty($this->arParams['WEB_FORM_CODE']);
    if ($hasFormCode) {
        $this->formId = $this->getFormId($this->arParams['WEB_FORM_CODE']);
    }

    if (!$this->formId) {
        $reason = sprintf('Web form doesn\'t exists with code %s', $this->arParams['WEB_FORM_CODE']);
        throw new \Exception($reason);
    }

    $this->permissions = \CForm::GetPermission($this->formId);

    // Order matters: the POST is handled before the success flag is computed.
    $this->handlePost();
    $this->isSuccess = $this->isSuccess();

    // Cache key parts: the full parameter set, then the permission level.
    $paramsFingerprint = json_encode($this->arParams);
    $this->addCacheAdditionalId($paramsFingerprint);
    $this->addCacheAdditionalId($this->permissions);
}
/**
 * Initializes the form object and checks that the current user may use it.
 *
 * Resolves RESULT_ID and WEB_FORM_ID (component parameters first, then $_REQUEST),
 * loads the form with CForm::GetDataByID(), then walks the form-level and
 * result-level access checks. On failure a message code is stored in
 * $this->__error_msg; use ShowErrorMsg() to output it.
 *
 * NOTE(review): both IDs can be chosen by the requester when the component
 * parameters leave them empty, so access to the selected record then rests on the
 * isAccessForm() / isAccessFormResult() family of checks called below.
 *
 * @param array $arParams Component parameters (RESULT_ID, WEB_FORM_ID, COMPONENT, ...).
 * @param bool  $admin    Truthy to run in administrative mode (module right is checked first).
 * @return bool True when no error code was recorded, false otherwise.
 */
function Init($arParams, $admin = false)
{
    global $APPLICATION, $USER;
    $this->bSimple = COption::GetOptionString("form", "SIMPLE", "Y") == "Y" ? true : false;
    $this->comp2 = !empty($arParams["COMPONENT"]);
    $this->SHOW_INCLUDE_AREAS = $APPLICATION->GetShowIncludeAreas();
    if ($admin) {
        // Module-level right for "form"; "D" or anything comparing lower is treated as no access.
        $FORM_RIGHT = $APPLICATION->GetGroupRight("form");
        if ($FORM_RIGHT <= "D") {
            // NOTE(review): the next line still runs unless AuthForm() itself halts the request - confirm.
            $APPLICATION->AuthForm(GetMessage("ACCESS_DENIED"));
        }
        $this->__admin = true;
    }
    $this->arParams = $arParams;
    $this->RESULT_ID = intval($arParams["RESULT_ID"]);
    // No result ID in the parameters: fall back to the request, cast to int.
    if (intval($this->RESULT_ID) <= 0) {
        $this->RESULT_ID = intval($_REQUEST["RESULT_ID"]);
    }
    // if there is a result ID, try to get the form ID from the stored result
    if (intval($this->RESULT_ID) > 0) {
        $DBRes = CFormResult::GetByID($this->RESULT_ID);
        if ($arrResult = $DBRes->Fetch()) {
            // The form recorded on the result wins over any WEB_FORM_ID passed in.
            $this->WEB_FORM_ID = intval($arrResult["FORM_ID"]);
        }
    }
    if (intval($this->WEB_FORM_ID) <= 0) {
        $this->WEB_FORM_ID = intval($arParams["WEB_FORM_ID"]);
    }
    // if there is still no WEB_FORM_ID, try to get it from $_REQUEST
    if (intval($this->WEB_FORM_ID) <= 0) {
        $this->WEB_FORM_ID = intval($_REQUEST["WEB_FORM_ID"]);
    }
    // check WEB_FORM_ID and get web form data; additional fields are loaded ("ALL")
    // in admin mode or when SHOW_ADDITIONAL / EDIT_ADDITIONAL is "Y"
    $this->WEB_FORM_ID = CForm::GetDataByID($this->WEB_FORM_ID, $this->arForm, $this->arQuestions, $this->arAnswers, $this->arDropDown, $this->arMultiSelect, $this->__admin || $this->arParams["SHOW_ADDITIONAL"] == "Y" || $this->arParams["EDIT_ADDITIONAL"] == "Y" ? "ALL" : "N", $this->__admin ? 'Y' : 'N');
    $this->WEB_FORM_NAME = $this->arForm["SID"];
    // if WEB_FORM_ID is wrong, record an error
    if ($this->WEB_FORM_ID > 0) {
        // insert chain item
        if (strlen($this->arParams["CHAIN_ITEM_TEXT"]) > 0) {
            $APPLICATION->AddChainItem($this->arParams["CHAIN_ITEM_TEXT"], $this->arParams["CHAIN_ITEM_LINK"]);
        }
        // check web form rights
        $this->F_RIGHT = intval(CForm::GetPermission($this->WEB_FORM_ID));
        // if there is no form access - record an error
        if ($this->isAccessForm()) {
            if (!empty($_REQUEST["strFormNote"])) {
                // NOTE(review): request-supplied text is stored verbatim; it has to be HTML-escaped
                // wherever strFormNote is printed (the output site is not visible here).
                $this->strFormNote = $_REQUEST["strFormNote"];
            }
            // The result-list component needs its own list right; every other caller passes through.
            if (!$this->comp2 || $this->arParams["COMPONENT"]["componentName"] != "bitrix:form.result.list" || $this->isAccessFormResultList()) {
                // Truthiness test: a negative RESULT_ID also enters here, although $arrResult
                // was only assigned in the RESULT_ID > 0 branch above.
                if ($this->RESULT_ID) {
                    if ($this->isAccessFormResult($arrResult)) {
                        $this->arrRESULT_PERMISSION = CFormResult::GetPermissions($this->RESULT_ID, $v);
                        // check result rights: legacy callers and form.result.edit need the edit right,
                        // form.result.view needs the view right (&& binds tighter than ||)
                        if (!$this->comp2 && !$this->isAccessFormResultEdit() || $this->comp2 && ($this->arParams["COMPONENT"]["componentName"] == "bitrix:form.result.edit" && !$this->isAccessFormResultEdit() || $this->arParams["COMPONENT"]["componentName"] == "bitrix:form.result.view" && !$this->isAccessFormResultView())) {
                            $this->__error_msg = "FORM_RESULT_ACCESS_DENIED";
                        } else {
                            // Reuse the row fetched above, or fetch it now if that lookup came back empty.
                            if (!$arrResult) {
                                $z = CFormResult::GetByID($this->RESULT_ID);
                                $this->arResult = $z->Fetch();
                            } else {
                                $this->arResult = $arrResult;
                            }
                            if ($this->arResult) {
                                if ($this->comp2 && $this->arParams["COMPONENT"]["componentName"] == "bitrix:form.result.view") {
                                    CForm::GetResultAnswerArray($this->WEB_FORM_ID, $this->arrResultColumns, $this->arrVALUES, $this->arrResultAnswersSID, array("RESULT_ID" => $this->RESULT_ID));
                                    // Keep only the answers of the requested result.
                                    $this->arrVALUES = $this->arrVALUES[$this->RESULT_ID];
                                } else {
                                    $this->arrVALUES = CFormResult::GetDataByIDForHTML($this->RESULT_ID, $this->arParams["EDIT_ADDITIONAL"]);
                                }
                            } else {
                                $this->__error_msg = "FORM_RECORD_NOT_FOUND";
                            }
                        }
                    } else {
                        $this->__error_msg = "FORM_ACCESS_DENIED";
                    }
                    // CAPTCHA is switched off whenever an existing result is being handled.
                    $this->arForm["USE_CAPTCHA"] = "N";
                } else {
                    // if the form uses CAPTCHA, initialize it
                    if ($this->arForm["USE_CAPTCHA"] == "Y") {
                        $this->CaptchaInitialize();
                    }
                }
            } else {
                $this->__error_msg = "FORM_ACCESS_DENIED";
            }
        } else {
            $this->__error_msg = "FORM_ACCESS_DENIED";
        } // endif ($F_RIGHT>=10);
    } else {
        $this->__error_msg = "FORM_NOT_FOUND";
    } // endif ($WEB_FORM_ID>0);
    return empty($this->__error_msg);
}
***************************************************************************/ $WEB_FORM_ID = intval($_REQUEST['WEB_FORM_ID']); $ID = intval($_REQUEST['ID']); $copy_id = intval($_REQUEST['copy_id']); $arForm = CForm::GetByID_admin($WEB_FORM_ID); if (false === $arForm) { require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/main/include/prolog_admin_after.php"; echo "<a href='form_list.php?lang=" . LANGUAGE_ID . "' >" . GetMessage("FORM_FORM_LIST") . "</a>"; echo ShowError(GetMessage("FORM_NOT_FOUND")); require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/main/include/epilog_admin.php"; die; } $txt = "(" . htmlspecialcharsbx($arForm['SID']) . ") " . htmlspecialcharsbx($arForm['NAME']); $link = "form_edit.php?lang=" . LANGUAGE_ID . "&ID=" . $WEB_FORM_ID; $adminChain->AddItem(array("TEXT" => $txt, "LINK" => $link)); $F_RIGHT = CForm::GetPermission($WEB_FORM_ID); if ($F_RIGHT < 25) { $APPLICATION->AuthForm(GetMessage("ACCESS_DENIED")); } if ($copy_id > 0 && $F_RIGHT >= 30 && check_bitrix_sessid()) { $new_id = CFormField::Copy($copy_id); if (strlen($strError) <= 0 && intval($new_id) > 0) { LocalRedirect("form_field_edit.php?ID=" . $new_id . "&additional=" . $additional . "&WEB_FORM_ID=" . $WEB_FORM_ID . "&lang=" . LANGUAGE_ID . "&strError=" . urlencode($strError)); } } if ((strlen($_REQUEST['save']) > 0 || strlen($_REQUEST['apply']) > 0) && $_SERVER['REQUEST_METHOD'] == "POST" && $F_RIGHT >= 30 && check_bitrix_sessid()) { $arIMAGE = $_FILES["IMAGE_ID"]; $arIMAGE["MODULE_ID"] = "form"; $arIMAGE["del"] = $_REQUEST['IMAGE_ID_del']; $ACTIVE = $_REQUEST['ACTIVE']; $TITLE = $_REQUEST['TITLE'];
$DB->StartTransaction(); if (!CForm::Delete($ID)) { $DB->Rollback(); $lAdmin->AddGroupError(GetMessage("DELETE_ERROR"), $ID); } $DB->Commit(); break; } } } ////////////////////////////////////////////////////////////////////// // list initialization - get data $rsData = CForm::GetList($by, $order, $arFilter, $is_filtered); $arData = array(); while ($arForm = $rsData->Fetch()) { $F_RIGHT = CForm::GetPermission($arForm["ID"]); if ($F_RIGHT >= 20) { $arForm["F_RIGHT"] = $F_RIGHT; $arData[] = $arForm; } } $rsData->InitFromArray($arData); $rsData = new CAdminResult($rsData, $sTableID); $rsData->NavStart(); // set navigation bar $lAdmin->NavText($rsData->GetNavPrint(GetMessage("FORM_PAGES"))); $headers = array(array("id" => "ID", "content" => "ID", "sort" => "s_id", "default" => true), array("id" => "SITE", "content" => GetMessage("FORM_SITE"), "default" => true), array("id" => "C_SORT", "content" => GetMessage("FORM_C_SORT"), "sort" => "s_c_sort", "default" => true)); if (!$bSimple) { $headers[] = array("id" => "SID", "content" => GetMessage("FORM_SID"), "sort" => "s_sid", "default" => true); } $headers[] = array("id" => "NAME", "content" => GetMessage("FORM_NAME"), "sort" => "s_name", "default" => true);
/**
 * Resets a web form: calls CFormField::Reset() for every field of the form and
 * deletes all rows of b_form_result that belong to it.
 *
 * Requires a form right of at least 30. Any $CHECK_RIGHTS value that does not
 * compare equal to "Y" skips the CForm::GetPermission() lookup and treats the
 * caller as having right 30, so callers should pass a constant here rather than
 * anything derived from request data.
 *
 * @param int    $ID           Form ID; cast with intval() before it is used in SQL.
 * @param string $CHECK_RIGHTS "Y" to check the current user's right on the form.
 * @return bool true after the reset, false when access is denied (an HTML error
 *              message is appended to the global $strError).
 */
function Reset($ID, $CHECK_RIGHTS = "Y")
{
    global $DB, $strError;

    $err_mess = CAllForm::err_mess() . "<br>Function: Reset<br>Line: ";
    $ID = intval($ID);

    if ($CHECK_RIGHTS != "Y") {
        $formRight = 30;
    } else {
        $formRight = CForm::GetPermission($ID);
    }

    if (!($formRight >= 30)) {
        $strError .= GetMessage("FORM_ERROR_ACCESS_DENIED") . "<br>";
        return false;
    }

    // reset the fields of the form; "N" is passed as the second argument of
    // CFormField::Reset() (presumably its own rights flag - verify)
    $fieldRows = CFormField::GetList($ID, "ALL", $sortBy, $sortOrder, array(), $filtered);
    while ($fieldRow = $fieldRows->Fetch()) {
        CFormField::Reset($fieldRow["ID"], "N");
    }

    // delete the results of this form; $ID is an integer at this point
    $DB->Query("DELETE FROM b_form_result WHERE FORM_ID='{$ID}'", false, $err_mess . __LINE__);

    return true;
}
/**
 * Renders a stored form result through a "show" or "print" template.
 *
 * The result row, the form definition and the answers are loaded first; output only
 * happens when the caller has form right >= 20 (or >= 15 and owns the result) and
 * the result's status grants "VIEW". The template is pulled in with `include`, so
 * it executes inside this function's variable scope.
 *
 * NOTE(review): $template (from $TEMPLATE or the *_RESULT_TEMPLATE fields) and $path
 * (module option) are concatenated under DOCUMENT_ROOT and included without any
 * validation in this function; confirm both are restricted to the template directory
 * and cannot be influenced by request data.
 * NOTE(review): when $TEMPLATE_TYPE is neither "show" nor "print", $path is never
 * assigned (and $template neither if $TEMPLATE is empty) before the includes run.
 *
 * @param int    $RESULT_ID         ID of the result to display.
 * @param string $TEMPLATE          Template file name; empty to use the stored/default one.
 * @param string $TEMPLATE_TYPE     "show" or "print"; selects template field and path option.
 * @param string $SHOW_ADDITIONAL   "Y" to load additional fields as well.
 * @param string $SHOW_ANSWER_VALUE Not read in this body; visible to the included template.
 * @param string $SHOW_STATUS       Not read in this body; visible to the included template.
 * @return void
 */
function Show($RESULT_ID, $TEMPLATE = "", $TEMPLATE_TYPE = "show", $SHOW_ADDITIONAL = "N", $SHOW_ANSWER_VALUE = "Y", $SHOW_STATUS = "N")
{
    // $arrRESULT_PERMISSION is global: the permission list computed below is written to global scope.
    global $DB, $MESS, $APPLICATION, $USER, $HTTP_POST_VARS, $HTTP_GET_VARS, $arrRESULT_PERMISSION, $arrFIELDS;
    $err_mess = CAllFormResult::err_mess() . "<br>Function: Show<br>Line: ";
    $z = CFormResult::GetByID($RESULT_ID);
    if ($zr = $z->Fetch()) {
        $arrResult = $zr;
        InitBVar($SHOW_ADDITIONAL);
        $additional = $SHOW_ADDITIONAL == "Y" ? "ALL" : "N";
        // The form ID comes from the stored result, not from the caller.
        $WEB_FORM_ID = $FORM_ID = CForm::GetDataByID($arrResult["FORM_ID"], $arForm, $arQuestions, $arAnswers, $arDropDown, $arMultiSelect, $additional);
        CForm::GetResultAnswerArray($WEB_FORM_ID, $arrResultColumns, $arrResultAnswers, $arrResultAnswersVarname, array("RESULT_ID" => $RESULT_ID));
        $arrResultAnswers = $arrResultAnswers[$RESULT_ID];
        // check the general rights to the result: 20+ for any result, 15+ only for the caller's own
        $F_RIGHT = CForm::GetPermission($WEB_FORM_ID);
        // NOTE(review): ownership is compared with loose ==; if the stored USER_ID and the current
        // user's ID can both be empty/0 for anonymous visitors, the comparison passes - confirm.
        if (intval($F_RIGHT) >= 20 || $F_RIGHT >= 15 && $zr["USER_ID"] == $USER->GetID()) {
            // check the rights that depend on the status of the result
            $arrRESULT_PERMISSION = CFormResult::GetPermissions($RESULT_ID, $v);
            if (in_array("VIEW", $arrRESULT_PERMISSION)) {
                // Template precedence: explicit argument, then the stored name for the type, then "default.php".
                if (strlen(trim($TEMPLATE)) > 0) {
                    $template = $TEMPLATE;
                } else {
                    if ($TEMPLATE_TYPE == "show") {
                        if (strlen($arrResult["SHOW_RESULT_TEMPLATE"]) <= 0) {
                            $template = "default.php";
                        } else {
                            $template = $arrResult["SHOW_RESULT_TEMPLATE"];
                        }
                    } elseif ($TEMPLATE_TYPE == "print") {
                        if (strlen($arrResult["PRINT_RESULT_TEMPLATE"]) <= 0) {
                            $template = "default.php";
                        } else {
                            $template = $arrResult["PRINT_RESULT_TEMPLATE"];
                        }
                    }
                }
                require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/form/include.php";
                // Template directory depends on the template type.
                if ($TEMPLATE_TYPE == "show") {
                    $path = COption::GetOptionString("form", "SHOW_RESULT_TEMPLATE_PATH");
                } elseif ($TEMPLATE_TYPE == "print") {
                    $path = COption::GetOptionString("form", "PRINT_RESULT_TEMPLATE_PATH");
                }
                IncludeModuleLangFile($_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/form/include.php");
                // First dynamic include: the language file that belongs to the chosen template.
                include GetLangFileName($_SERVER["DOCUMENT_ROOT"] . $path . "lang/", "/" . $template);
                if ($APPLICATION->GetShowIncludeAreas()) {
                    // Edit icons linking to the admin file editor and the form settings page.
                    $arIcons = array();
                    if (CModule::IncludeModule("fileman")) {
                        $arIcons[] = array("URL" => "/bitrix/admin/fileman_file_edit.php?lang=" . LANGUAGE_ID . "&site=" . SITE_ID . "&full_src=Y&path=" . urlencode($path . $template), "SRC" => "/bitrix/images/form/panel/edit_template.gif", "ALT" => GetMessage("FORM_PUBLIC_ICON_TEMPLATE"));
                        // Only the path component of the request URI is used, and it is URL-encoded.
                        $arrUrl = parse_url($_SERVER["REQUEST_URI"]);
                        $arIcons[] = array("URL" => "/bitrix/admin/fileman_file_edit.php?lang=" . LANGUAGE_ID . "&site=" . SITE_ID . "&full_src=Y&path=" . urlencode($arrUrl["path"]), "SRC" => "/bitrix/images/form/panel/edit_file.gif", "ALT" => GetMessage("FORM_PUBLIC_ICON_HANDLER"));
                    }
                    $arIcons[] = array("URL" => "/bitrix/admin/form_edit.php?lang=" . LANGUAGE_ID . "&ID=" . $WEB_FORM_ID, "SRC" => "/bitrix/images/form/panel/edit_form.gif", "ALT" => GetMessage("FORM_PUBLIC_ICON_SETTINGS"));
                    echo $APPLICATION->IncludeStringBefore($arIcons);
                }
                // Second dynamic include: the template itself, executed with this function's locals in scope.
                include $_SERVER["DOCUMENT_ROOT"] . $path . $template;
                if ($APPLICATION->GetShowIncludeAreas()) {
                    echo $APPLICATION->IncludeStringAfter();
                }
            }
        }
    }
}
// check WEB_FORM_ID and get web form data $arParams["WEB_FORM_ID"] = CForm::GetDataByID($arParams["WEB_FORM_ID"], $arResult["arForm"], $arResult["arQuestions"], $arResult["arAnswers"], $arResult["arDropDown"], $arResult["arMultiSelect"], $arResult["bAdmin"] == 'Y' || $arParams["SHOW_ADDITIONAL"] == "Y" || $arParams["EDIT_ADDITIONAL"] == "Y" ? "ALL" : "N"); $arResult["WEB_FORM_NAME"] = $arResult["arForm"]["SID"]; // if wrong WEB_FORM_ID return error; if ($arParams["WEB_FORM_ID"] > 0) { // insert chain item if (strlen($arParams["CHAIN_ITEM_TEXT"]) > 0) { $APPLICATION->AddChainItem($arParams["CHAIN_ITEM_TEXT"], $arParams["CHAIN_ITEM_LINK"]); } // check web form rights; $arResult["F_RIGHT"] = intval(CForm::GetPermission($arParams["WEB_FORM_ID"])); // in no form access - return error if ($arResult["F_RIGHT"] >= 15) { //if (!empty($_REQUEST["strFormNote"])) $arResult["FORM_NOTE"] = $_REQUEST["strFormNote"]; if (!empty($_REQUEST["formresult"])) { $formResult = strtoupper($_REQUEST['formresult']); switch ($formResult) { case 'ADDOK': $arResult['FORM_NOTE'] = str_replace("#RESULT_ID#", $arParams["RESULT_ID"], GetMessage('FORM_NOTE_ADDOK')); break; default: $arResult['FORM_NOTE'] = str_replace("#RESULT_ID#", $arParams["RESULT_ID"], GetMessage('FORM_NOTE_EDITOK'));
$arrSelect['reference_id'][] = $arr['reference_id'][$num]; $arrSelect['reference'][] = $arr['reference'][$num]; } } else { $arrSelect = $arr; } reset($arGroups); while (list(, $group) = each($arGroups)) { ?> <tr> <td width="40%"><?php echo $group["NAME"] . ":"; ?> </td> <td width="60%"><?php $perm = CForm::GetPermission($ID, array($group["ID"]), "Y"); // for simple method: change 20 (work with other results) access mode to 15 /* if ($bSimple) $perm = $perm==20 ? 15 : $perm; */ echo SelectBoxFromArray("PERMISSION_" . $group["ID"], $arrSelect, $perm, "", 'style="width: 80%;"'); ?> </td> </tr> <?php } $tabControl->EndTab(); $tabControl->Buttons(array("disabled" => !($ID > 0 && $F_RIGHT >= 30 || CForm::IsAdmin()), "back_url" => strlen($back_url) > 0 ? $back_url : "form_list.php?lang=" . LANGUAGE_ID)); $tabControl->End(); ?>
/**
 * Copies a status, optionally into another web form, together with its per-group
 * VIEW / MOVE / EDIT / DELETE permission lists.
 *
 * Access rules applied when $CHECK_RIGHTS is "Y" and CForm::IsAdmin() is false:
 *  - right [25] (view web form parameters) on the source form is always required;
 *  - copying into another form ($NEW_FORM_ID > 0) additionally requires right [30]
 *    (full access) on that target form;
 *  - copying within the same form requires right [30] on the source form.
 * Any $CHECK_RIGHTS value that does not compare equal to "Y" skips all of these
 * checks, so callers should pass a constant rather than a request-derived value.
 *
 * Example:
 *   $status_id = 1; // status ID
 *   if ($NEW_STATUS_ID = CFormStatus::Copy($status_id)) {
 *       echo "Status #1 copied to new status #".$NEW_STATUS_ID;
 *   } else {
 *       global $strError; // error text
 *       echo $strError;
 *   }
 *
 * See also: CForm::Copy, CFormField::Copy, CFormAnswer::Copy.
 *
 * @param int       $ID           ID of the status to copy.
 * @param string    $CHECK_RIGHTS "Y" (default) to check the current user's rights, otherwise no check.
 * @param int|false $NEW_FORM_ID  ID of the target web form; false (default) keeps the source form.
 * @return mixed Value returned by CFormStatus::Set() on success, false when the status
 *               is not found or access is denied (an HTML message is appended to the
 *               global $strError).
 *
 * @static
 * @link http://dev.1c-bitrix.ru/api_help/form/classes/cformstatus/copy.php
 * @author Bitrix
 */
public static function Copy($ID, $CHECK_RIGHTS="Y", $NEW_FORM_ID=false)
{
    global $DB, $APPLICATION, $strError;

    $err_mess = (CAllFormStatus::err_mess())."<br>Function: Copy<br>Line: ";
    $ID = intval($ID);
    $NEW_FORM_ID = intval($NEW_FORM_ID);

    $source = CFormStatus::GetByID($ID)->Fetch();
    if (!$source) {
        $strError .= GetMessage("FORM_ERROR_STATUS_NOT_FOUND")."<br>";
        return false;
    }

    $intoOtherForm = $NEW_FORM_ID > 0;

    // Rights are waived when checking is off or the caller is a form administrator.
    $allowed = ($CHECK_RIGHTS != "Y" || CForm::IsAdmin());
    if (!$allowed) {
        $sourceRight = CForm::GetPermission($source["FORM_ID"]);
        // right to view the form parameters of the source form
        if ($sourceRight >= 25) {
            if ($intoOtherForm) {
                // full access to the target form
                $allowed = (CForm::GetPermission($NEW_FORM_ID) >= 30);
            } else {
                // full access to the source form
                $allowed = ($sourceRight >= 30);
            }
        }
    }

    if (!$allowed) {
        $strError .= GetMessage("FORM_ERROR_ACCESS_DENIED")."<br>";
        return false;
    }

    // The group lists of the source status are carried over to the copy unchanged.
    CFormStatus::GetPermissionList($ID, $viewGroups, $moveGroups, $editGroups, $deleteGroups);

    return CFormStatus::Set(array(
        "FORM_ID"             => $intoOtherForm ? $NEW_FORM_ID : $source["FORM_ID"],
        "C_SORT"              => $source["C_SORT"],
        "ACTIVE"              => $source["ACTIVE"],
        "TITLE"               => $source["TITLE"],
        "DESCRIPTION"         => $source["DESCRIPTION"],
        "CSS"                 => $source["CSS"],
        "HANDLER_OUT"         => $source["HANDLER_OUT"],
        "HANDLER_IN"          => $source["HANDLER_IN"],
        "DEFAULT_VALUE"       => $source["DEFAULT_VALUE"],
        "arPERMISSION_VIEW"   => $viewGroups,
        "arPERMISSION_MOVE"   => $moveGroups,
        "arPERMISSION_EDIT"   => $editGroups,
        "arPERMISSION_DELETE" => $deleteGroups,
    ));
}
/**
 * Validates the data of a form field (question) before it is saved.
 *
 * Checks, in order: that FORM_ID is set; that the caller has right [30] on the form
 * (skipped when $CHECK_RIGHTS does not compare equal to "Y" or CForm::IsAdmin() is
 * true); that the SID is present, contains only Latin letters, digits and "_", and
 * is not already used by another field of the form or by a form; and finally the
 * uploaded image via CFile::CheckImageFile().
 *
 * The uniqueness queries run only for a SID that passed the character check, and the
 * interpolated values are additionally escaped with $DB->ForSql().
 *
 * Side effects: SID and VARNAME are mirrored into each other in $arFields, and
 * ADDITIONAL defaults to 'N' for a new field.
 *
 * @param array  $arFields     Field data, modified in place.
 * @param int    $FIELD_ID     ID of the field being updated; <= 0 for a new field.
 * @param string $CHECK_RIGHTS "Y" to check the current user's right on the form.
 * @return bool true when no problem was found; otherwise false, with the HTML error
 *              text appended to the global $strError.
 */
public static function CheckFields(&$arFields, $FIELD_ID, $CHECK_RIGHTS = "Y")
{
    global $DB, $strError;

    $err_mess = CAllFormField::err_mess() . "<br>Function: CheckFields<br>Line: ";
    $FIELD_ID = intval($FIELD_ID);
    $FORM_ID = intval($arFields["FORM_ID"]);
    $problems = "";

    if ($FORM_ID <= 0) {
        $problems .= GetMessage("FORM_ERROR_FORM_ID_NOT_DEFINED") . "<br>";
    } elseif (!($CHECK_RIGHTS != "Y" || CForm::IsAdmin() || CForm::GetPermission($FORM_ID) >= 30)) {
        $problems .= GetMessage("FORM_ERROR_ACCESS_DENIED");
    } else {
        // Keep SID and VARNAME in sync; SID wins when both are given.
        if (strlen(trim($arFields["SID"])) > 0) {
            $arFields["VARNAME"] = $arFields["SID"];
        } elseif (strlen($arFields["VARNAME"]) > 0) {
            $arFields["SID"] = $arFields["VARNAME"];
        }

        $isNewField = $FIELD_ID <= 0;
        if ($isNewField && !is_set($arFields, 'ADDITIONAL')) {
            $arFields['ADDITIONAL'] = 'N';
        }

        // The SID is validated for every new field, and on update only when it is supplied.
        if ($isNewField || is_set($arFields, "SID")) {
            if (strlen(trim($arFields["SID"])) <= 0) {
                $problems .= GetMessage("FORM_ERROR_FORGOT_SID") . "<br>";
            }

            if (preg_match("/[^A-Za-z_01-9]/", $arFields["SID"])) {
                $problems .= GetMessage("FORM_ERROR_INCORRECT_SID") . "<br>";
            } else {
                $sidForSql = $DB->ForSql(trim($arFields["SID"]), 50);
                $clashTypeKey = null;

                // 1) another field or question of the same form with this SID
                $strSql = "SELECT ID, ADDITIONAL FROM b_form_field WHERE SID='" . $sidForSql . "' and ID<>'" . $FIELD_ID . "' AND FORM_ID='" . $DB->ForSql($arFields["FORM_ID"]) . "'";
                $clash = $DB->Query($strSql, false, $err_mess . __LINE__)->Fetch();
                if ($clash) {
                    $clashTypeKey = $clash["ADDITIONAL"] == "Y" ? "FORM_TYPE_FIELD" : "FORM_TYPE_QUESTION";
                } else {
                    // 2) a web form with this SID
                    $strSql = "SELECT ID FROM b_form WHERE SID='" . $sidForSql . "'";
                    $clash = $DB->Query($strSql, false, $err_mess . __LINE__)->Fetch();
                    if ($clash) {
                        $clashTypeKey = "FORM_TYPE_FORM";
                    }
                }

                if ($clashTypeKey !== null) {
                    $notice = str_replace("#TYPE#", GetMessage($clashTypeKey), GetMessage("FORM_ERROR_WRONG_SID"));
                    $notice = str_replace("#ID#", $clash["ID"], $notice);
                    $problems .= $notice . "<br>";
                }
            }
        }

        $problems .= CFile::CheckImageFile($arFields["arIMAGE"]);
    }

    $strError .= $problems;

    return !(strlen($problems) > 0);
}
/**
 * Sets a new status for a result. Returns true on success, false otherwise.
 *
 * Rights required when $CHECK_RIGHTS is "Y":
 *  1. On the web form the result belongs to: [20] work with all results according
 *     to their statuses, or, for the creator of the result, [15] work with own
 *     result according to its status.
 *  2. On the status the result is currently in: [EDIT].
 *  3. On the new status: [MOVE] (move results into this status).
 * With any other $CHECK_RIGHTS value only the existence of the new status is
 * checked, so callers should pass a constant rather than a request-derived value.
 *
 * NOTE(review): onBeforeResultStatusChange handlers receive the new status ID by
 * reference. The value they leave behind is what gets written (re-cast with
 * intval()), and it is not re-checked against the MOVE right or for existence.
 * NOTE(review): the update is skipped whenever the global $strError is non-empty,
 * including text left there before this call.
 *
 * Example:
 *   $RESULT_ID = 189; // result ID
 *   $STATUS_ID = 1;   // ID of the "Published" status
 *   // set the new status, checking the current user's rights
 *   if (CFormResult::SetStatus($RESULT_ID, $STATUS_ID)) {
 *       echo "Status #".$STATUS_ID." for result #".$RESULT_ID." has been set.";
 *   } else { // error
 *       global $strError;
 *       echo $strError;
 *   }
 *
 * @param int    $RESULT_ID     ID of the result.
 * @param int    $NEW_STATUS_ID ID of the new status.
 * @param string $CHECK_RIGHTS  "Y" (default) to check the current user's rights, otherwise no rights check.
 * @return bool
 *
 * @static
 * @link http://dev.1c-bitrix.ru/api_help/form/classes/cformresult/setstatus.php
 * @author Bitrix
 */
public static function SetStatus($RESULT_ID, $NEW_STATUS_ID, $CHECK_RIGHTS="Y")
{
    $err_mess = (CAllFormResult::err_mess())."<br>Function: SetStatus<br>Line: ";
    global $DB, $USER, $strError, $APPLICATION;
    // Both IDs are integers from here on, which is what makes the string-built SQL below safe.
    $NEW_STATUS_ID = intval($NEW_STATUS_ID);
    $RESULT_ID = intval($RESULT_ID);
    if ($RESULT_ID <= 0 || $NEW_STATUS_ID <= 0) return false;
    $strSql = "SELECT USER_ID, FORM_ID FROM b_form_result WHERE ID='".$RESULT_ID."'";
    $z = $DB->Query($strSql, false, $err_mess.__LINE__);
    if ($zr = $z->Fetch())
    {
        $WEB_FORM_ID = intval($zr["FORM_ID"]);
        // rights check
        $RIGHT_OK = "N";
        if ($CHECK_RIGHTS!="Y")
        {
            // No rights check requested: only require that the new status exists.
            // A missing status ends in the "access denied" branch below.
            $dbRes = CFormStatus::GetByID($NEW_STATUS_ID);
            if ($dbRes->Fetch())
            {
                $RIGHT_OK="Y";
            }
        }
        else
        {
            // form rights: 20+ for any result, 15+ only for the creator of the result
            $F_RIGHT = CForm::GetPermission($WEB_FORM_ID);
            if ($F_RIGHT>=20 || ($F_RIGHT>=15 && $USER->GetID()==$zr["USER_ID"]))
            {
                // result rights (of the status the result is currently in)
                $arrRESULT_PERMISSION = CFormResult::GetPermissions($RESULT_ID, $v);
                // new status rights
                $arrNEW_STATUS_PERMISSION = CFormStatus::GetPermissions($NEW_STATUS_ID);
                if (in_array("EDIT", $arrRESULT_PERMISSION) && in_array("MOVE", $arrNEW_STATUS_PERMISSION))
                {
                    $RIGHT_OK = "Y";
                }
            }
        }
        if ($RIGHT_OK=="Y")
        {
            // "Before" handlers get $NEW_STATUS_ID by reference and may report errors through $APPLICATION.
            $dbEvents = GetModuleEvents('form', 'onBeforeResultStatusChange');
            while ($arEvent = $dbEvents->Fetch())
            {
                ExecuteModuleEventEx($arEvent, array($WEB_FORM_ID, $RESULT_ID, &$NEW_STATUS_ID, $CHECK_RIGHTS));
                if ($ex = $APPLICATION->GetException()) $strError .= $ex->GetString().'<br />';
            }
            if (strlen($strError) <= 0)
            {
                // call handler before change status
                CForm::ExecHandlerBeforeChangeStatus($RESULT_ID, "SET_STATUS", $NEW_STATUS_ID);
                $arFields = Array(
                    "TIMESTAMP_X" => $DB->GetNowFunction(),
                    // re-cast: the handlers above may have replaced the value
                    "STATUS_ID" => "'".intval($NEW_STATUS_ID)."'"
                );
                $DB->Update("b_form_result",$arFields,"WHERE ID='".$RESULT_ID."'",$err_mess.__LINE__);
                $dbEvents = GetModuleEvents('form', 'onAfterResultStatusChange');
                while ($arEvent = $dbEvents->Fetch())
                {
                    ExecuteModuleEventEx($arEvent, array($WEB_FORM_ID, $RESULT_ID, $NEW_STATUS_ID, $CHECK_RIGHTS));
                }
                // call handler after change status
                CForm::ExecHandlerAfterChangeStatus($RESULT_ID, "SET_STATUS");
                return true;
            }
        }
        else $strError .= GetMessage("FORM_ERROR_ACCESS_DENIED")."<br>";
    }
    else $strError .= GetMessage("FORM_ERROR_RESULT_NOT_FOUND")."<br>";
    return false;
}
if ($RESULT_ID > 0) { $q = CFormResult::GetByID($RESULT_ID); if (!($arrResult = $q->Fetch())) { // result not found $title = str_replace("#FORM_ID#", "{$WEB_FORM_ID}", GetMessage("FORM_RESULT_LIST")); require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/main/include/prolog_admin_after.php"; echo "<p><a href='/bitrix/admin/form_result_list.php?lang=" . LANGUAGE_ID . "&WEB_FORM_ID=" . $WEB_FORM_ID . "'>" . $title . "</a></p>"; echo ShowError(GetMessage("FORM_RESULT_NOT_FOUND")); require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/main/include/epilog_admin.php"; die; } $WEB_FORM_ID = intval($arrResult["FORM_ID"]); } else { $arrResult = array(); } $F_RIGHT = intval(CForm::GetPermission($WEB_FORM_ID)); // form rights if ($RESULT_ID > 0) { $arrRESULT_PERMISSION = CFormResult::GetPermissions($RESULT_ID, $v); } else { $arrRESULT_PERMISSION = array(); if ($F_RIGHT >= 20) { $arrRESULT_PERMISSION[] = 'EDIT'; } } $EDIT_ADDITIONAL = "Y"; // whether to edit additional fields $EDIT_STATUS = "Y"; // whether to edit status if ($bSimple) { $EDIT_ADDITIONAL = "N";
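/**
 * Selects the results of one web form, applying the filter, the sort order
 * and (unless disabled) the current user's access rights.
 *
 * Values reach the SQL text only after intval(), through a fixed list
 * (ORDER BY column, sort direction), or through GetFilterQuery() /
 * $DB->CharToDateFunction(), whose own escaping is not visible in this function.
 *
 * Access model, as implemented below:
 *  - rights check disabled, form right >= 30 or CForm::IsAdmin(): all results
 *    of the form;
 *  - form right >= 15: only results whose status grants VIEW, EDIT or DELETE to
 *    one of the user's groups; below 20 additionally only the user's own results;
 *  - otherwise: an empty result set.
 *
 * @param int $WEB_FORM_ID Form ID; cast to int before use.
 * @param string $by Sort key (s_id, s_date_create, s_timestamp, s_user_id,
 *        s_guest_id, s_session_id, s_status, s_sent_to_crm); any other value
 *        is replaced by "s_timestamp".
 * @param string $order "asc" sorts ascending; any other value is replaced by "desc".
 * @param array $arFilter Filter array; passed through CFormResult::PrepareFilter() first.
 * @param bool $is_filtered Out: IsFiltered() result for the built search condition.
 * @param string $CHECK_RIGHTS "Y" applies the access model above; any other
 *        value disables it.
 * @param int|bool $records_limit Row limit; false takes the form module's
 *        "RECORDS_LIMIT" option, a value <= 0 means no LIMIT clause.
 * @return mixed Result of $DB->Query(), or an empty CDBResult when access is denied.
 */
function GetList($WEB_FORM_ID, &$by, &$order, $arFilter=Array(), &$is_filtered, $CHECK_RIGHTS="Y", $records_limit=false)
{
	$err_mess = (CFormResult::err_mess())."<br>Function: GetList<br>Line: ";
	global $DB, $USER, $strError;

	$CHECK_RIGHTS = ($CHECK_RIGHTS=="Y") ? "Y" : "N";
	$WEB_FORM_ID = intval($WEB_FORM_ID);
	$F_RIGHT = CForm::GetPermission($WEB_FORM_ID);
	$USER_ID = intval($USER->GetID());

	$arSqlSearch = array();
	$arr = array("TABLES" => array(), "WHERE" => array());
	$arrAlias = array();		// field ID => alias of its b_form_result_answer join
	$arrFORM_FILTER = array();	// filter key => field ID / parameter name / filter type
	$strSqlSearch = "";
	// Initialised up front so that an unused fragment interpolates as an empty string.
	$str1 = "";
	$str2 = "";
	$str3 = "";

	if (is_array($arFilter))
	{
		$arFilter = CFormResult::PrepareFilter($WEB_FORM_ID, $arFilter);
		$z = CForm::GetByID($WEB_FORM_ID);
		$form = $z->Fetch();

		// Enumerate every filter key the form's fields can produce:
		// <form SID>_<field SID>_<parameter>_<type>[_<side>].
		$z = CFormField::GetList($WEB_FORM_ID, "", $v1, $v2, array(), $v3);
		while ($zr=$z->Fetch())
		{
			$arPARAMETER_NAME = array("ANSWER_TEXT", "ANSWER_VALUE", "USER");
			CFormField::GetFilterTypeList($arrUSER, $arrANSWER_TEXT, $arrANSWER_VALUE, $arrFIELD);
			foreach ($arPARAMETER_NAME as $PARAMETER_NAME)
			{
				switch ($PARAMETER_NAME)
				{
					case "ANSWER_TEXT":
						$arFILTER_TYPE = $arrANSWER_TEXT["reference_id"];
						break;
					case "ANSWER_VALUE":
						$arFILTER_TYPE = $arrANSWER_VALUE["reference_id"];
						break;
					case "USER":
						$arFILTER_TYPE = $arrUSER["reference_id"];
						break;
				}
				foreach ($arFILTER_TYPE as $FILTER_TYPE)
				{
					$arrUF = array();
					$arrUF["ID"] = $zr["ID"];
					$arrUF["PARAMETER_NAME"] = $PARAMETER_NAME;
					$arrUF["FILTER_TYPE"] = $FILTER_TYPE;
					$FID = $form["SID"]."_".$zr["SID"]."_".$PARAMETER_NAME."_".$FILTER_TYPE;
					if ($FILTER_TYPE=="date" || $FILTER_TYPE=="integer")
					{
						// Range types get three keys: lower bound, upper bound, exact value.
						$arrUF["SIDE"] = "1";
						$arrFORM_FILTER[$FID."_1"] = $arrUF;
						$arrUF["SIDE"] = "2";
						$arrFORM_FILTER[$FID."_2"] = $arrUF;
						$arrUF["SIDE"] = "0";
						$arrFORM_FILTER[$FID."_0"] = $arrUF;
					}
					else
						$arrFORM_FILTER[$FID] = $arrUF;
				}
			}
		}

		$t = 0;
		$filter_keys = array_keys($arFilter);
		for ($i=0; $i<count($filter_keys); $i++)
		{
			$key = $filter_keys[$i];
			$val = $arFilter[$filter_keys[$i]];

			// Skip empty values and the "NOT_REF" placeholder.
			if(is_array($val))
			{
				if(count($val) <= 0)
					continue;
			}
			else
			{
				if( (strlen($val) <= 0) || ($val === "NOT_REF") )
					continue;
			}

			$match_value_set = (in_array($key."_EXACT_MATCH", $filter_keys)) ? true : false;
			$key = strtoupper($key);
			switch($key)
			{
				case "ID":
					$match = ($arFilter[$key."_EXACT_MATCH"]=="N" && $match_value_set) ? "Y" : "N";
					$arSqlSearch[] = GetFilterQuery("R.ID", $val, $match);
					break;
				case "STATUS":
					$arSqlSearch[] = "R.STATUS_ID='".intval($val)."'";
					break;
				case "STATUS_ID":
					$match = ($arFilter[$key."_EXACT_MATCH"]=="N" && $match_value_set) ? "Y" : "N";
					$arSqlSearch[] = GetFilterQuery("R.STATUS_ID", $val, $match);
					break;
				// NOTE(review): unlike the custom-field DATE filter further down,
				// the six date filters below do not call CheckDateTime() first.
				// Whether PrepareFilter() or CharToDateFunction() validates and
				// escapes $val is not visible here — confirm.
				case "TIMESTAMP_1":
					$arSqlSearch[] = "R.TIMESTAMP_X>=".$DB->CharToDateFunction($val, "SHORT");
					break;
				case "TIMESTAMP_2":
					$arSqlSearch[] = "R.TIMESTAMP_X<".$DB->CharToDateFunction($val, "SHORT")." + INTERVAL 1 DAY";
					break;
				case "DATE_CREATE_1":
					$arSqlSearch[] = "R.DATE_CREATE>=".$DB->CharToDateFunction($val, "SHORT");
					break;
				case "DATE_CREATE_2":
					$arSqlSearch[] = "R.DATE_CREATE<".$DB->CharToDateFunction($val, "SHORT")." + INTERVAL 1 DAY";
					break;
				case "TIME_CREATE_1":
					$arSqlSearch[] = "R.DATE_CREATE>=".$DB->CharToDateFunction($val, "FULL");
					break;
				case "TIME_CREATE_2":
					$arSqlSearch[] = "R.DATE_CREATE<".$DB->CharToDateFunction($val, "FULL");
					break;
				case "REGISTERED":
					$arSqlSearch[] = ($val=="Y") ? "R.USER_ID>0" : "(R.USER_ID<=0 or R.USER_ID is null)";
					break;
				case "USER_AUTH":
					$arSqlSearch[] = ($val=="Y") ? "(R.USER_AUTH='Y' and R.USER_ID>0)" : "(R.USER_AUTH='N' and R.USER_ID>0)";
					break;
				case "USER_ID":
					$match = ($arFilter[$key."_EXACT_MATCH"]=="N" && $match_value_set) ? "Y" : "N";
					$arSqlSearch[] = GetFilterQuery("R.USER_ID", $val, $match);
					break;
				case "GUEST_ID":
					$match = ($arFilter[$key."_EXACT_MATCH"]=="N" && $match_value_set) ? "Y" : "N";
					$arSqlSearch[] = GetFilterQuery("R.STAT_GUEST_ID", $val, $match);
					break;
				case "SESSION_ID":
					$match = ($arFilter[$key."_EXACT_MATCH"]=="N" && $match_value_set) ? "Y" : "N";
					$arSqlSearch[] = GetFilterQuery("R.STAT_SESSION_ID", $val, $match);
					break;
				case "SENT_TO_CRM":
					$arSqlSearch[] = GetFilterQuery("R.SENT_TO_CRM", $val, "Y");
					break;
				default:
					// Custom-field filter: looked up by the original-case key, and
					// only keys generated from the form's own fields are accepted.
					$key = $filter_keys[$i];
					if (isset($arrFORM_FILTER[$key]))
					{
						$arrF = $arrFORM_FILTER[$key];

						// One join per field. The alias is stored per field ID so
						// that a later key for an already-joined field reuses that
						// field's alias instead of the most recently created one.
						$FIELD_ID = intval($arrF["ID"]);
						if (!isset($arrAlias[$FIELD_ID]))
						{
							$t++;
							$arrAlias[$FIELD_ID] = "A".$t;
							$arr["TABLES"][] = "b_form_result_answer ".$arrAlias[$FIELD_ID];
							$arr["WHERE"][] = "(".$arrAlias[$FIELD_ID].".RESULT_ID=R.ID and ".$arrAlias[$FIELD_ID].".FIELD_ID='".$FIELD_ID."')";
						}
						$A = $arrAlias[$FIELD_ID];

						switch(strtoupper($arrF["FILTER_TYPE"]))
						{
							case "EXIST":
								if ($arrF["PARAMETER_NAME"]=="ANSWER_TEXT")
									$arSqlSearch[] = "length(".$A.".ANSWER_TEXT)+0>0";
								elseif ($arrF["PARAMETER_NAME"]=="ANSWER_VALUE")
									$arSqlSearch[] = "length(".$A.".ANSWER_VALUE)+0>0";
								elseif ($arrF["PARAMETER_NAME"]=="USER")
									$arSqlSearch[] = "length(".$A.".USER_TEXT)+0>0";
								break;
							case "TEXT":
								$match = ($arFilter[$key."_exact_match"]=="Y") ? "N" : "Y";
								$sql = "";
								if ($arrF["PARAMETER_NAME"]=="ANSWER_TEXT")
									$sql = GetFilterQuery($A.".ANSWER_TEXT_SEARCH", ToUpper($val), $match);
								elseif ($arrF["PARAMETER_NAME"]=="ANSWER_VALUE")
									$sql = GetFilterQuery($A.".ANSWER_VALUE_SEARCH", ToUpper($val), $match);
								elseif ($arrF["PARAMETER_NAME"]=="USER")
									$sql = GetFilterQuery($A.".USER_TEXT_SEARCH", ToUpper($val), $match);
								if ($sql!=="0" && strlen(trim($sql))>0)
									$arSqlSearch[] = $sql;
								break;
							case "DROPDOWN":
							case "ANSWER_ID":
								$arSqlSearch[] = $A.".ANSWER_ID=".intval($val);
								break;
							case "DATE":
								if ($arrF["PARAMETER_NAME"]=="USER")
								{
									// Only values that pass CheckDateTime() reach the SQL text.
									if (CheckDateTime($val))
									{
										if ($arrF["SIDE"]=="1")
											$arSqlSearch[] = $A.".USER_DATE>=".$DB->CharToDateFunction($val, "SHORT");
										elseif ($arrF["SIDE"]=="2")
											$arSqlSearch[] = $A.".USER_DATE<".$DB->CharToDateFunction($val, "SHORT")." + INTERVAL 1 DAY";
										elseif ($arrF["SIDE"]=="0")
											$arSqlSearch[] = $A.".USER_DATE=".$DB->CharToDateFunction($val);
									}
								}
								break;
							case "INTEGER":
								if ($arrF["PARAMETER_NAME"]=="USER")
								{
									if ($arrF["SIDE"]=="1")
										$arSqlSearch[] = $A.".USER_TEXT+0>=".intval($val);
									elseif ($arrF["SIDE"]=="2")
										$arSqlSearch[] = $A.".USER_TEXT+0<=".intval($val);
									elseif ($arrF["SIDE"]=="0")
										$arSqlSearch[] = $A.".USER_TEXT='".intval($val)."'";
								}
								elseif ($arrF["PARAMETER_NAME"]=="ANSWER_TEXT")
								{
									if ($arrF["SIDE"]=="1")
										$arSqlSearch[] = $A.".ANSWER_TEXT+0>=".intval($val);
									elseif ($arrF["SIDE"]=="2")
										$arSqlSearch[] = $A.".ANSWER_TEXT+0<=".intval($val);
									elseif ($arrF["SIDE"]=="0")
										$arSqlSearch[] = $A.".ANSWER_TEXT='".intval($val)."'";
								}
								elseif ($arrF["PARAMETER_NAME"]=="ANSWER_VALUE")
								{
									if ($arrF["SIDE"]=="1")
										$arSqlSearch[] = $A.".ANSWER_VALUE+0>=".intval($val);
									elseif ($arrF["SIDE"]=="2")
										$arSqlSearch[] = $A.".ANSWER_VALUE+0<=".intval($val);
									elseif ($arrF["SIDE"]=="0")
										$arSqlSearch[] = $A.".ANSWER_VALUE='".intval($val)."'";
								}
								break;
						}
					}
					break;
			}
		}
	}

	// The sort column is picked from a fixed list, so the caller's $by string
	// itself never becomes part of the SQL text.
	if ($by == "s_id") $strSqlOrder = "ORDER BY R.ID";
	elseif ($by == "s_date_create") $strSqlOrder = "ORDER BY R.DATE_CREATE";
	elseif ($by == "s_timestamp") $strSqlOrder = "ORDER BY R.TIMESTAMP_X";
	elseif ($by == "s_user_id") $strSqlOrder = "ORDER BY R.USER_ID";
	elseif ($by == "s_guest_id") $strSqlOrder = "ORDER BY R.STAT_GUEST_ID";
	elseif ($by == "s_session_id") $strSqlOrder = "ORDER BY R.STAT_SESSION_ID";
	elseif ($by == "s_status") $strSqlOrder = "ORDER BY R.STATUS_ID";
	elseif ($by == "s_sent_to_crm") $strSqlOrder = "ORDER BY R.SENT_TO_CRM";
	else
	{
		$by = "s_timestamp";
		$strSqlOrder = "ORDER BY R.TIMESTAMP_X";
	}
	if ($order!="asc")
	{
		$strSqlOrder .= " desc ";
		$order="desc";
	}

	$strSqlSearch = GetFilterSqlSearch($arSqlSearch);
	if (count($arr["TABLES"]) > 0)
		$str1 = ",\n ".implode(",\n ",$arr["TABLES"]);
	if (count($arr["WHERE"]) > 0)
		$str2 = "\n and ".implode("\n and ",$arr["WHERE"]);

	if ($records_limit===false)
	{
		$records_limit = "LIMIT ".intval(COption::GetOptionString("form","RECORDS_LIMIT"));
	}
	else
	{
		// An explicit limit <= 0 means "no limit". It must become an empty
		// string, otherwise the bare integer would be appended to the query
		// after the ORDER BY clause.
		$records_limit = intval($records_limit);
		$records_limit = ($records_limit>0) ? "LIMIT ".$records_limit : "";
	}

	if ($CHECK_RIGHTS!="Y" || $F_RIGHT >= 30 || CForm::IsAdmin())
	{
		// Unrestricted: every result of the form.
		$strSql = " SELECT R.ID, R.USER_ID, R.USER_AUTH, R.STAT_GUEST_ID, R.STAT_SESSION_ID, R.STATUS_ID, R.SENT_TO_CRM, "
			.$DB->DateToCharFunction("R.DATE_CREATE")." DATE_CREATE, "
			.$DB->DateToCharFunction("R.TIMESTAMP_X")." TIMESTAMP_X, S.TITLE STATUS_TITLE, S.CSS STATUS_CSS"
			." FROM b_form_result R, b_form_status S $str1"
			." WHERE $strSqlSearch $str2 and R.FORM_ID = '$WEB_FORM_ID' and S.ID = R.STATUS_ID"
			." GROUP BY R.ID, R.USER_ID, R.USER_AUTH, R.STAT_GUEST_ID, R.STAT_SESSION_ID, R.DATE_CREATE, R.STATUS_ID, R.SENT_TO_CRM"
			." $strSqlOrder $records_limit ";
		$res = $DB->Query($strSql, false, $err_mess.__LINE__);
	}
	elseif ($F_RIGHT>=15)
	{
		// Group IDs are cast to int before they enter the IN (...) lists. An
		// empty or missing group list falls back to group 2 (the fallback this
		// method already used when no array came back), so the list is never empty.
		$arGroups = $USER->GetUserGroupArray();
		if (!is_array($arGroups) || count($arGroups) <= 0)
			$arGroups = array(2);
		$groups = implode(",", array_map("intval", $arGroups));

		// Below right 20 the user sees only results stored under their own ID.
		// NOTE(review): for a visitor who is not logged in $USER_ID is 0, so this
		// matches results whose USER_ID is NULL or 0 — confirm that is intended.
		if ($F_RIGHT<20)
			$str3 = "and ifnull(R.USER_ID,0) = $USER_ID";

		$strSql = " SELECT R.ID, R.USER_ID, R.USER_AUTH, R.STAT_GUEST_ID, R.STAT_SESSION_ID, R.STATUS_ID, R.SENT_TO_CRM, "
			.$DB->DateToCharFunction("R.DATE_CREATE")." DATE_CREATE, "
			.$DB->DateToCharFunction("R.TIMESTAMP_X")." TIMESTAMP_X, S.TITLE STATUS_TITLE, S.CSS STATUS_CSS"
			." FROM b_form_result R, b_form_status S, b_form_status_2_group G$str1"
			." WHERE $strSqlSearch $str2 $str3 and R.FORM_ID = '$WEB_FORM_ID' and S.ID = R.STATUS_ID and G.STATUS_ID = S.ID"
			." and ( (G.GROUP_ID in ($groups)) or (G.GROUP_ID in ($groups,0) and ifnull(R.USER_ID,0) = $USER_ID and $USER_ID>0) )"
			." and G.PERMISSION in ('VIEW', 'EDIT', 'DELETE')"
			." GROUP BY R.ID, R.USER_ID, R.USER_AUTH, R.STAT_GUEST_ID, R.STAT_SESSION_ID, R.SENT_TO_CRM, R.DATE_CREATE, R.STATUS_ID, R.SENT_TO_CRM"
			." $strSqlOrder $records_limit ";
		$res = $DB->Query($strSql, false, $err_mess.__LINE__);
	}
	else
	{
		// Not enough rights: return an empty result set instead of querying.
		$res = new CDBResult();
		$res->InitFromArray(array());
	}

	$is_filtered = (IsFiltered($strSqlSearch));
	return $res;
}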
$APPLICATION->AddChainItem($arParams["CHAIN_ITEM_TEXT"], $arParams["CHAIN_ITEM_LINK"]);
}

// preparing additional parameters
// The error text is copied from the request unchanged.
// NOTE(review): $_REQUEST["strError"] is caller-controlled; nothing in this
// excerpt escapes it, so the template has to HTML-escape FORM_ERROR on output.
$arResult["FORM_ERROR"] = $_REQUEST["strError"];
//$arResult["FORM_NOTE"] = $_REQUEST["strFormNote"];

// The request value only selects one of two fixed message templates; it is
// never echoed itself.
if (!empty($_REQUEST["formresult"]) && $_SERVER['REQUEST_METHOD'] != 'POST')
{
	$formResult = strtoupper($_REQUEST['formresult']);
	switch ($formResult)
	{
		case 'ADDOK':
			// NOTE(review): $arParams["RESULT_ID"] is set outside this excerpt
			// and is substituted into the note without a cast here — confirm
			// that it is an integer.
			$arResult['FORM_NOTE'] = str_replace("#RESULT_ID#", $arParams["RESULT_ID"], GetMessage('FORM_NOTE_ADDOK'));
			break;
		default:
			$arResult['FORM_NOTE'] = str_replace("#RESULT_ID#", $arParams["RESULT_ID"], GetMessage('FORM_NOTE_EDITOK'));
	}
}

// Form-level access: a right below 15 is sent to the authorization form.
// NOTE(review): whether AuthForm() stops the request is not visible here. If
// it returns, the code after this block still runs for that user — confirm.
$arParams["F_RIGHT"] = CForm::GetPermission($arParams["WEB_FORM_ID"]);
if ($arParams["F_RIGHT"] < 15)
{
	$APPLICATION->AuthForm(GetMessage("ACCESS_DENIED"));
}

$arParams["isStatisticIncluded"] = CModule::IncludeModule("statistic");

// NOT_SHOW_FILTER is accepted as an array or as a comma-separated string.
if (is_array($arParams["NOT_SHOW_FILTER"]))
{
	$arParams["arrNOT_SHOW_FILTER"] = $arParams["NOT_SHOW_FILTER"];
}
else
{
	$arParams["arrNOT_SHOW_FILTER"] = explode(",", $arParams["NOT_SHOW_FILTER"]);
}

// Both branches above produce an array, so the else branch below is a
// fallback that is not expected to run.
if (is_array($arParams["arrNOT_SHOW_FILTER"]))
{
	//array_walk($arParams["arrNOT_SHOW_FILTER"], create_function("&\$item", "\$item=trim(\$item);"));
	TrimArr($arParams["arrNOT_SHOW_FILTER"]);
}
else
{
	$arParams["arrNOT_SHOW_FILTER"] = array();
}
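/**
 * Selects the results of one web form, applying the filter, the sort order
 * and (unless disabled) the current user's access rights. This variant builds
 * Oracle-style SQL (nvl, ROWNUM, DBMS_LOB).
 *
 * Values reach the SQL text only after intval(), through a fixed list
 * (ORDER BY column, sort direction), or through GetFilterQuery() /
 * $DB->CharToDateFunction(), whose own escaping is not visible in this function.
 *
 * Access model, as implemented below:
 *  - rights check disabled or CForm::IsAdmin(): all results of the form;
 *  - form right >= 15: only results whose status grants VIEW, EDIT or DELETE to
 *    one of the user's groups; below 20 additionally only the user's own results;
 *  - otherwise: an empty result set.
 *
 * @param int $WEB_FORM_ID Form ID; cast to int before use.
 * @param string $by Sort key (s_id, s_date_create, s_timestamp, s_user_id,
 *        s_guest_id, s_session_id, s_valid); any other value is replaced by
 *        "s_timestamp".
 * @param string $order "asc" sorts ascending; any other value is replaced by "desc".
 * @param array $arFilter Filter array; passed through CFormResult::PrepareFilter() first.
 * @param bool $is_filtered Out: true when the system filter or a custom-field
 *        filter produced a condition.
 * @param string $CHECK_RIGHTS "Y" applies the access model above; any other
 *        value disables it.
 * @param int|bool $records_limit Row limit; false takes the form module's
 *        "RECORDS_LIMIT" option, a value <= 0 means no limit.
 * @return mixed Result of $DB->Query(), or an empty CDBResult when access is denied.
 */
function GetList($WEB_FORM_ID, &$by, &$order, $arFilter = array(), &$is_filtered, $CHECK_RIGHTS = "Y", $records_limit = false)
{
	$err_mess = CFormResult::err_mess() . "<br>Function: GetList<br>Line: ";
	global $DB, $USER, $strError;

	$CHECK_RIGHTS = $CHECK_RIGHTS == "Y" ? "Y" : "N";
	$WEB_FORM_ID = intval($WEB_FORM_ID);
	$F_RIGHT = CForm::GetPermission($WEB_FORM_ID);
	$USER_ID = intval($USER->GetID());

	$arSqlSearch = array();
	$arrSEARCH = array();		// slot number => conditions for that field's EXISTS sub-query
	$arrFIELDS = array();		// slot number => field ID
	$arrFORM_FILTER = array();	// filter key => field ID / parameter name / filter type
	$strSqlSearch = "";
	$str3 = "";

	if (is_array($arFilter)) {
		$arFilter = CFormResult::PrepareFilter($WEB_FORM_ID, $arFilter);
		$z = CForm::GetByID($WEB_FORM_ID);
		$form = $z->Fetch();

		// Enumerate every filter key the form's fields can produce:
		// <form SID>_<field SID>_<parameter>_<type>[_<side>].
		$z = CFormField::GetList($WEB_FORM_ID, "", $v1, $v2, array(), $v3);
		while ($zr = $z->Fetch()) {
			$arPARAMETER_NAME = array("ANSWER_TEXT", "ANSWER_VALUE", "USER");
			CFormField::GetFilterTypeList($arrUSER, $arrANSWER_TEXT, $arrANSWER_VALUE, $arrFIELD);
			foreach ($arPARAMETER_NAME as $PARAMETER_NAME) {
				switch ($PARAMETER_NAME) {
					case "ANSWER_TEXT":
						$arFILTER_TYPE = $arrANSWER_TEXT["reference_id"];
						break;
					case "ANSWER_VALUE":
						$arFILTER_TYPE = $arrANSWER_VALUE["reference_id"];
						break;
					case "USER":
						$arFILTER_TYPE = $arrUSER["reference_id"];
						break;
				}
				foreach ($arFILTER_TYPE as $FILTER_TYPE) {
					$arrUF = array();
					$arrUF["ID"] = $zr["ID"];
					$arrUF["PARAMETER_NAME"] = $PARAMETER_NAME;
					$arrUF["FILTER_TYPE"] = $FILTER_TYPE;
					$FID = $form["SID"] . "_" . $zr["SID"] . "_" . $PARAMETER_NAME . "_" . $FILTER_TYPE;
					if ($FILTER_TYPE == "date" || $FILTER_TYPE == "integer") {
						// Range types get three keys: lower bound, upper bound, exact value.
						$arrUF["SIDE"] = "1";
						$arrFORM_FILTER[$FID . "_1"] = $arrUF;
						$arrUF["SIDE"] = "2";
						$arrFORM_FILTER[$FID . "_2"] = $arrUF;
						$arrUF["SIDE"] = "0";
						$arrFORM_FILTER[$FID . "_0"] = $arrUF;
					} else {
						$arrFORM_FILTER[$FID] = $arrUF;
					}
				}
			}
		}

		$t = 0;
		$filter_keys = array_keys($arFilter);
		for ($i = 0; $i < count($filter_keys); $i++) {
			$key = $filter_keys[$i];
			$val = $arFilter[$filter_keys[$i]];

			// Skip empty values and the "NOT_REF" placeholder. Arrays are tested
			// with count() only: passing one to strlen() fails on current PHP and
			// made every array-valued filter look empty on older versions.
			if (is_array($val)) {
				if (count($val) <= 0) {
					continue;
				}
			} elseif (strlen($val) <= 0 || "{$val}" == "NOT_REF") {
				continue;
			}

			$match_value_set = in_array($key . "_EXACT_MATCH", $filter_keys) ? true : false;
			$key = strtoupper($key);
			switch ($key) {
				case "ID":
					$match = $arFilter[$key . "_EXACT_MATCH"] == "N" && $match_value_set ? "Y" : "N";
					$arSqlSearch[] = GetFilterQuery("R.ID", $val, $match);
					break;
				case "STATUS":
					$arSqlSearch[] = "R.STATUS_ID='" . intval($val) . "'";
					break;
				case "STATUS_ID":
					$match = $arFilter[$key . "_EXACT_MATCH"] == "N" && $match_value_set ? "Y" : "N";
					$arSqlSearch[] = GetFilterQuery("R.STATUS_ID", $val, $match);
					break;
				// NOTE(review): unlike the custom-field DATE filter further down,
				// the six date filters below do not call CheckDateTime() first.
				// Whether PrepareFilter() or CharToDateFunction() validates and
				// escapes $val is not visible here — confirm.
				case "TIMESTAMP_1":
					$arSqlSearch[] = "R.TIMESTAMP_X>=" . $DB->CharToDateFunction($val, "SHORT");
					break;
				case "TIMESTAMP_2":
					$arSqlSearch[] = "R.TIMESTAMP_X<" . $DB->CharToDateFunction($val, "SHORT") . "+1";
					break;
				case "DATE_CREATE_1":
					$arSqlSearch[] = "R.DATE_CREATE>=" . $DB->CharToDateFunction($val, "SHORT");
					break;
				case "DATE_CREATE_2":
					$arSqlSearch[] = "R.DATE_CREATE<" . $DB->CharToDateFunction($val, "SHORT") . "+1";
					break;
				case "TIME_CREATE_1":
					$arSqlSearch[] = "R.DATE_CREATE>=" . $DB->CharToDateFunction($val, "FULL");
					break;
				case "TIME_CREATE_2":
					$arSqlSearch[] = "R.DATE_CREATE<" . $DB->CharToDateFunction($val, "FULL");
					break;
				case "REGISTERED":
					$arSqlSearch[] = $val == "Y" ? "R.USER_ID>0" : "(R.USER_ID<=0 or R.USER_ID is null)";
					break;
				case "USER_AUTH":
					$arSqlSearch[] = $val == "Y" ? "(R.USER_AUTH='Y' and R.USER_ID>0)" : "(R.USER_AUTH='N' and R.USER_ID>0)";
					break;
				case "USER_ID":
					$match = $arFilter[$key . "_EXACT_MATCH"] == "N" && $match_value_set ? "Y" : "N";
					$arSqlSearch[] = GetFilterQuery("R.USER_ID", $val, $match);
					break;
				case "GUEST_ID":
					$match = $arFilter[$key . "_EXACT_MATCH"] == "N" && $match_value_set ? "Y" : "N";
					$arSqlSearch[] = GetFilterQuery("R.STAT_GUEST_ID", $val, $match);
					break;
				case "SESSION_ID":
					$match = $arFilter[$key . "_EXACT_MATCH"] == "N" && $match_value_set ? "Y" : "N";
					$arSqlSearch[] = GetFilterQuery("R.STAT_SESSION_ID", $val, $match);
					break;
				default:
					// Custom-field filter: looked up by the original-case key, and
					// only keys generated from the form's own fields are accepted.
					$key = $filter_keys[$i];
					if (isset($arrFORM_FILTER[$key])) {
						$arrF = $arrFORM_FILTER[$key];

						// Each field owns one slot (alias A<n> and one EXISTS
						// sub-query). The slot is looked up by field ID so that a
						// later key for an already-seen field adds its condition
						// to that field's slot, not to the most recent one.
						$n = array_search($arrF["ID"], $arrFIELDS);
						if ($n === false) {
							$t++;
							$n = $t;
							$arrFIELDS[$n] = $arrF["ID"];
						}
						$A = "A" . $n;
						$arSqlSearch_f = isset($arrSEARCH[$n]) ? $arrSEARCH[$n] : array();

						switch (strtoupper($arrF["FILTER_TYPE"])) {
							case "EXIST":
								if ($arrF["PARAMETER_NAME"] == "ANSWER_TEXT") {
									$arSqlSearch_f[] = $A . ".ANSWER_TEXT is not null";
								} elseif ($arrF["PARAMETER_NAME"] == "ANSWER_VALUE") {
									$arSqlSearch_f[] = $A . ".ANSWER_VALUE is not null";
								} elseif ($arrF["PARAMETER_NAME"] == "USER") {
									$arSqlSearch_f[] = $A . ".USER_TEXT is not null";
								}
								break;
							case "TEXT":
								$match = $arFilter[$key . "_exact_match"] == "Y" ? "N" : "Y";
								$sql = "";
								if ($arrF["PARAMETER_NAME"] == "ANSWER_TEXT") {
									$sql = GetFilterQuery($A . ".ANSWER_TEXT_SEARCH", ToUpper($val), $match, array(), "Y", "Y", "Y");
								} elseif ($arrF["PARAMETER_NAME"] == "ANSWER_VALUE") {
									$sql = GetFilterQuery($A . ".ANSWER_VALUE_SEARCH", ToUpper($val), $match, array(), "Y", "Y", "Y");
								} elseif ($arrF["PARAMETER_NAME"] == "USER") {
									$sql = GetFilterQuery($A . ".USER_TEXT_SEARCH", ToUpper($val), $match, array(), "Y", "Y", "Y");
								}
								if ($sql !== "0" && strlen(trim($sql)) > 0) {
									$arSqlSearch_f[] = $sql;
								}
								break;
							case "DROPDOWN":
							case "ANSWER_ID":
								$arSqlSearch_f[] = $A . ".ANSWER_ID=" . intval($val);
								break;
							case "DATE":
								if ($arrF["PARAMETER_NAME"] == "USER") {
									// Only values that pass CheckDateTime() reach the SQL text.
									if (CheckDateTime($val)) {
										if ($arrF["SIDE"] == "1") {
											$arSqlSearch_f[] = $A . ".USER_DATE>=" . $DB->CharToDateFunction($val, "SHORT");
										} elseif ($arrF["SIDE"] == "2") {
											$arSqlSearch_f[] = $A . ".USER_DATE<" . $DB->CharToDateFunction($val, "SHORT") . "+1";
										} elseif ($arrF["SIDE"] == "0") {
											$arSqlSearch_f[] = $A . ".USER_DATE=" . $DB->CharToDateFunction($val);
										}
									}
								}
								break;
							case "INTEGER":
								if ($arrF["PARAMETER_NAME"] == "USER") {
									if ($arrF["SIDE"] == "1") {
										$arSqlSearch_f[] = "\r\n\t\t\t\t\t\t\t\t\t\t\t\t\tCONVERT_TO_NUMBER(\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tDBMS_LOB.SUBSTR(" . $A . ".USER_TEXT, \r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tDBMS_LOB.GETLENGTH(" . $A . ".USER_TEXT),\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t1)\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t)>=" . intval($val);
									} elseif ($arrF["SIDE"] == "2") {
										$arSqlSearch_f[] = "\r\n\t\t\t\t\t\t\t\t\t\t\t\t\tCONVERT_TO_NUMBER(\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tDBMS_LOB.SUBSTR(" . $A . ".USER_TEXT,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tDBMS_LOB.GETLENGTH(" . $A . ".USER_TEXT),\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t1)\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t)<=" . intval($val);
									} elseif ($arrF["SIDE"] == "0") {
										$arSqlSearch_f[] = "\r\n\t\t\t\t\t\t\t\t\t\t\t\t\tCONVERT_TO_NUMBER(\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tDBMS_LOB.SUBSTR(" . $A . ".USER_TEXT,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tDBMS_LOB.GETLENGTH(" . $A . ".USER_TEXT),\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t1)\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t)=" . intval($val);
									}
								} elseif ($arrF["PARAMETER_NAME"] == "ANSWER_TEXT") {
									if ($arrF["SIDE"] == "1") {
										$arSqlSearch_f[] = "CONVERT_TO_NUMBER(" . $A . ".ANSWER_TEXT)>=" . intval($val);
									} elseif ($arrF["SIDE"] == "2") {
										$arSqlSearch_f[] = "CONVERT_TO_NUMBER(" . $A . ".ANSWER_TEXT)<=" . intval($val);
									} elseif ($arrF["SIDE"] == "0") {
										$arSqlSearch_f[] = "CONVERT_TO_NUMBER(" . $A . ".ANSWER_TEXT)=" . intval($val);
									}
								} elseif ($arrF["PARAMETER_NAME"] == "ANSWER_VALUE") {
									if ($arrF["SIDE"] == "1") {
										$arSqlSearch_f[] = "CONVERT_TO_NUMBER(" . $A . ".ANSWER_VALUE)>=" . intval($val);
									} elseif ($arrF["SIDE"] == "2") {
										$arSqlSearch_f[] = "CONVERT_TO_NUMBER(" . $A . ".ANSWER_VALUE)<=" . intval($val);
									} elseif ($arrF["SIDE"] == "0") {
										$arSqlSearch_f[] = "CONVERT_TO_NUMBER(" . $A . ".ANSWER_VALUE)=" . intval($val);
									}
								}
								break;
						}

						if (count($arSqlSearch_f) > 0) {
							$arrSEARCH[$n] = $arSqlSearch_f;
						}
					}
					break;
			}
		}
	}

	// The sort column is picked from a fixed list, so the caller's $by string
	// itself never becomes part of the SQL text.
	if ($by == "s_id") {
		$strSqlOrder = "ORDER BY R.ID";
	} elseif ($by == "s_date_create") {
		$strSqlOrder = "ORDER BY R.DATE_CREATE";
	} elseif ($by == "s_timestamp") {
		$strSqlOrder = "ORDER BY R.TIMESTAMP_X";
	} elseif ($by == "s_user_id") {
		$strSqlOrder = "ORDER BY R.USER_ID";
	} elseif ($by == "s_guest_id") {
		$strSqlOrder = "ORDER BY R.STAT_GUEST_ID";
	} elseif ($by == "s_session_id") {
		$strSqlOrder = "ORDER BY R.STAT_SESSION_ID";
	} elseif ($by == "s_valid") {
		$strSqlOrder = "ORDER BY R.VALID";
	} else {
		$by = "s_timestamp";
		$strSqlOrder = "ORDER BY R.TIMESTAMP_X";
	}
	if ($order != "asc") {
		$strSqlOrder .= " desc ";
		$order = "desc";
	}

	$strSqlSearch = GetFilterSqlSearch($arSqlSearch);

	// One EXISTS sub-query per filtered field. foreach replaces each(), which
	// current PHP versions no longer provide.
	$strSqlSearch_F = "";
	foreach ($arrSEARCH as $index => $arrS) {
		$field = intval($arrFIELDS[$index]);
		if ($field > 0) {
			$str = implode(" and ", $arrS);
			$strSqlSearch_F .= "\r\n\t\t\t\t\t\tand EXISTS (\r\n\t\t\t\t\t\t\tSELECT 'x' FROM b_form_result_answer A{$index} \r\n\t\t\t\t\t\t\tWHERE\r\n\t\t\t\t\t\t\t\tA{$index}.RESULT_ID=R.ID \r\n\t\t\t\t\t\t\tand A{$index}.FIELD_ID={$field}\r\n\t\t\t\t\t\t\tand {$str}\r\n\t\t\t\t\t\t)\r\n\t\t\t\t\t\t";
		}
	}

	$records_limit = $records_limit === false
		? intval(COption::GetOptionString("form", "RECORDS_LIMIT"))
		: intval($records_limit);

	if ($CHECK_RIGHTS != "Y" || CForm::IsAdmin()) {
		// Unrestricted: every result of the form.
		$strSql = "\r\n\t\t\t\tSELECT \r\n\t\t\t\t\tR.ID, R.USER_ID, R.USER_AUTH, R.STAT_GUEST_ID, R.STAT_SESSION_ID, R.STATUS_ID,\r\n\t\t\t\t\t"
			. $DB->DateToCharFunction("R.DATE_CREATE") . "\tDATE_CREATE,\r\n\t\t\t\t\t"
			. $DB->DateToCharFunction("R.TIMESTAMP_X") . "\tTIMESTAMP_X,\r\n\t\t\t\t\tS.TITLE\t\t\t\tSTATUS_TITLE,\r\n\t\t\t\t\tS.CSS\t\t\t\tSTATUS_CSS\r\n"
			. "\t\t\t\tFROM \r\n\t\t\t\t\tb_form_result R, \r\n\t\t\t\t\tb_form_status S\r\n"
			. "\t\t\t\tWHERE \r\n\t\t\t\t{$strSqlSearch}\r\n\t\t\t\t{$strSqlSearch_F}\r\n"
			. "\t\t\t\tand R.FORM_ID='{$WEB_FORM_ID}'\r\n\t\t\t\tand S.ID = R.STATUS_ID\r\n"
			. "\t\t\t\tGROUP BY \r\n\t\t\t\t\tR.ID, R.USER_ID, R.USER_AUTH, R.STAT_GUEST_ID, R.STAT_SESSION_ID, R.DATE_CREATE, R.TIMESTAMP_X, R.STATUS_ID, S.ID, S.TITLE, S.CSS\r\n"
			. "\t\t\t\t{$strSqlOrder}\r\n\t\t\t\t";
		if ($records_limit > 0) {
			$strSql = "SELECT * FROM ({$strSql}) WHERE ROWNUM<=" . $records_limit;
		}
		$res = $DB->Query($strSql, false, $err_mess . __LINE__);
	} elseif ($F_RIGHT >= 15) {
		// Group IDs are cast to int before they enter the IN (...) lists. An
		// empty or missing group list falls back to group 2 (the fallback this
		// method already used when no array came back), so the list is never empty.
		$arGroups = $USER->GetUserGroupArray();
		if (!is_array($arGroups) || count($arGroups) <= 0) {
			$arGroups = array(2);
		}
		$groups = implode(",", array_map("intval", $arGroups));

		// Below right 20 the user may see only results stored under their own
		// ID. This condition was built but left out of the WHERE clause, so the
		// owner restriction was never applied; it is now part of the query.
		// NOTE(review): for a visitor who is not logged in $USER_ID is 0, so this
		// matches results whose USER_ID is NULL or 0 — confirm that is intended.
		if ($F_RIGHT < 20) {
			$str3 = "and nvl(R.USER_ID,0) = {$USER_ID}";
		}

		$strSql = "\r\n\t\t\t\tSELECT \r\n\t\t\t\t\tR.ID, R.USER_ID, R.USER_AUTH, R.STAT_GUEST_ID, R.STAT_SESSION_ID, R.STATUS_ID,\r\n\t\t\t\t\t"
			. $DB->DateToCharFunction("R.DATE_CREATE") . "\tDATE_CREATE,\r\n\t\t\t\t\t"
			. $DB->DateToCharFunction("R.TIMESTAMP_X") . "\tTIMESTAMP_X,\r\n\t\t\t\t\tS.TITLE\t\t\t\tSTATUS_TITLE,\r\n\t\t\t\t\tS.CSS\t\t\t\tSTATUS_CSS\r\n"
			. "\t\t\t\tFROM \r\n\t\t\t\t\tb_form_result R, \r\n\t\t\t\t\tb_form_status S, \r\n\t\t\t\t\tb_form_status_2_group G\r\n"
			. "\t\t\t\tWHERE \r\n\t\t\t\t{$strSqlSearch}\r\n\t\t\t\t{$strSqlSearch_F}\r\n\t\t\t\t{$str3}\r\n"
			. "\t\t\t\tand R.FORM_ID='{$WEB_FORM_ID}'\r\n\t\t\t\tand S.ID = R.STATUS_ID\r\n\t\t\t\tand G.STATUS_ID = S.ID\r\n"
			. "\t\t\t\tand (\r\n\t\t\t\t\t(G.GROUP_ID in ({$groups})) or\r\n\t\t\t\t\t(G.GROUP_ID in ({$groups},0) and nvl(R.USER_ID,0) = {$USER_ID} and {$USER_ID}>0)\r\n\t\t\t\t\t)\r\n"
			. "\t\t\t\tand G.PERMISSION in ('VIEW', 'EDIT', 'DELETE')\r\n"
			. "\t\t\t\tGROUP BY \r\n\t\t\t\t\tR.ID, R.USER_ID, R.USER_AUTH, R.STAT_GUEST_ID, R.STAT_SESSION_ID, R.DATE_CREATE, R.TIMESTAMP_X, R.STATUS_ID, S.ID, S.TITLE, S.CSS\r\n"
			. "\t\t\t\t{$strSqlOrder}\r\n\t\t\t\t";
		if ($records_limit > 0) {
			$strSql = "SELECT * FROM ({$strSql}) WHERE ROWNUM<=" . $records_limit;
		}
		$res = $DB->Query($strSql, false, $err_mess . __LINE__);
	} else {
		// Not enough rights: return an empty result set instead of querying.
		$res = new CDBResult();
		$res->InitFromArray(array());
	}

	$is_filtered = IsFiltered($strSqlSearch) || strlen($strSqlSearch_F) > 0;
	return $res;
}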